cobaltstrike

General

Target

CobaltStrikeBeacon
Size

283KB
Sample

231104-pcm2gsbf94
MD5

a62d5c8ef4d626febfcd2c00898c6c27
SHA1

854e020efefbf393e04d897b6b0b83ef92fd2db8
SHA256

5f37b85687780c089607670040dbb3da2749b91b8adc0aa411fd6280b5fa7103
SHA512

3a35487449b985f338473866da4308de760bdd3f52934e786dd28fb0030898a98000c0538159c8e2cb0ac54cda04fd9a73d7dfd1bcfc60be1c397c42730cd6da
SSDEEP

6144:guH8asY3G/Mzhc/Ly9iB036PQ3ouBIkBZ8dRaBvvQD:gz1aG/L/O53jBZcGvvQD

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1580103824

C2

http://109.206.243.59:443/Enable/1998/BPYMMENCN

Attributes

access_type
512
beacon_type
2048
host
109.206.243.59,/Enable/1998/BPYMMENCN
http_header1
AAAACgAAACxBY2NlcHQ6IGltYWdlLyosIHRleHQvaHRtbCwgYXBwbGljYXRpb24vanNvbgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiB1awAAAAoAAAAjQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eSwgY29tcHJlc3MAAAAHAAAAAAAAAA8AAAANAAAAAgAAAAZfQU9pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACtBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgaW1hZ2UvKiwgdGV4dC9odG1sAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLXphAAAACgAAAB1BY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5LCBicgAAAAcAAAAAAAAADwAAAA0AAAAFAAAACV9WR0tDR0FHRAAAAAcAAAABAAAADwAAAAgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
8448
polling_time
92081
port_number
443
sc_process32
%windir%\syswow64\w32tm.exe
sc_process64
%windir%\sysnative\systray.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDjafSAG/t5AV7MoJ0+yfqNVP8VKHTcWG23Xwqeq+bC34ftgavpOGxc90RaJYkBZQfMrMG2vVGWBcJjYS9OpN0RgqnTKV7X386f0joSLS9E/wKAP7GwQKUwjE7xZVlzelWDQBRq7/OaBXAF405hSi4eRWAuEIZeAWk8/irwifE5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.589791488e+09
unknown2
AAAABAAAAAEAAASeAAAAAgAAA6EAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/Link/configs/Y8JEK5UPLWVZ
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
watermark
1580103824

Targets

- Target
  
  CobaltStrikeBeacon
- Size
  
  283KB
- MD5
  
  a62d5c8ef4d626febfcd2c00898c6c27
- SHA1
  
  854e020efefbf393e04d897b6b0b83ef92fd2db8
- SHA256
  
  5f37b85687780c089607670040dbb3da2749b91b8adc0aa411fd6280b5fa7103
- SHA512
  
  3a35487449b985f338473866da4308de760bdd3f52934e786dd28fb0030898a98000c0538159c8e2cb0ac54cda04fd9a73d7dfd1bcfc60be1c397c42730cd6da
- SSDEEP
  
  6144:guH8asY3G/Mzhc/Ly9iB036PQ3ouBIkBZ8dRaBvvQD:gz1aG/L/O53jBZcGvvQD
Score

10^/10

cobaltstrike 1580103824 backdoor trojan upx
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1